class Admin::UsersController < ApplicationController
  # Be sure to include AuthenticationSystem in Application Controller instead
  # include AuthenticatedSystem


  require_role ["admin","pdm"]
  
  before_filter :login_required

  layout "admin"

  # render new.rhtml
  def new
    @user = User.new
  end
 
  def create
    #logout_keeping_session!
    params[:user][:role_ids] ||= []
    @user = User.new(params[:user])
    success = @user && @user.save
    if success && @user.errors.empty?
      # Protects against session fixation attacks, causes request forgery
      # protection if visitor resubmits an earlier form using back
      # button. Uncomment if you understand the tradeoffs.
      # reset session
      # self.current_user = @user # !! now logged in
      #redirect_back_or_default('/admin/users')
      redirect_to admin_users_url
      flash[:notice] = "注册成功."
    else
      flash[:error]  = "注册失败."
      render :action => 'new'
    end
  end
  
  def index
    @users = User.find(:all)
  end

  def edit
    @user = User.find(params[:id])
  end

  def update
    @user = User.find(params[:id])

    respond_to do |format|
      if @user.update_attributes(params[:user])
        flash[:notice] = 'User was successfully updated.'
        format.html { redirect_to('/admin/users') }
      else
        format.html { render :action => "edit" }
      end

    end

  end

end
